K8S-集群-证书更新
1、证书有效期查询
shell
kubeadm certs check-expiration2、当前证书备份
shell
cp -pr /etc/kubernetes /etc/kubernetes.bak
cp -pr /var/lib/etcd /var/lib/etcd.bak3、执行证书更新
shell
kubeadm certs renew all4、服务重启生效
shell
docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' |awk -F ' ' '{print $1}' |xargs docker restart5、客户端证书自动更新
shell
/etc/kubernetes/kubelet.conf
/var/lib/kubelet/config.yaml
rotateCertificates: true6、更新kubeconfig
shell
mv ~/.kube ~/.kube.bak
mkdir ~/.kube
cp /etc/kubernetes/admin.conf ~/.kube/config